
Commit 8e0580e

committed
Throw explicit exception if server DIGEST challenge has no qop value
1 parent d659778 commit 8e0580e

2 files changed

Lines changed: 7 additions & 5 deletions


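--- a/java/org/apache/tomcat/websocket/DigestAuthenticator.java
+++ b/java/org/apache/tomcat/websocket/DigestAuthenticator.java
@@ -63,6 +63,9 @@ public String getAuthorization(String method, String requestUri, String authenti
 
 String nonce = parameterMap.get("nonce");
 String messageQop = parameterMap.get("qop");
+if (messageQop == null || messageQop.isEmpty()) {
+throw new AuthenticationException(sm.getString("digestAuthenticator.noQop"));
+}
 String algorithm = parameterMap.get("algorithm") == null ? "MD5" : parameterMap.get("algorithm");
 String opaque = parameterMap.get("opaque");
 if (cnonceGenerator == null) {
@@ -99,11 +102,9 @@ public String getAuthorization(String method, String requestUri, String authenti
 challenge.append("opaque=\"").append(opaque).append("\",");
 }
 
-if (messageQop != null && !messageQop.isEmpty()) {
-challenge.append("qop=\"").append(messageQop).append("\"");
-challenge.append(",cnonce=\"").append(cNonce).append("\",");
-challenge.append("nc=").append(String.format("%08X", Integer.valueOf(nonceCount)));
-}
+challenge.append("qop=\"").append(messageQop).append("\"");
+challenge.append(",cnonce=\"").append(cNonce).append("\",");
+challenge.append("nc=").append(String.format("%08X", Integer.valueOf(nonceCount)));
 
 return challenge.toString();
 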
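Review bot: The added guard in the first hunk checks only that `qop` is present, so the server-supplied value is still echoed verbatim by the `qop=\"` append in the second hunk. A challenge may carry a list such as `auth,auth-int`, and a whitespace-only or unsupported token also passes `isEmpty()`; unless the value is normalized in the part of getAuthorization outside these hunks, the client would send back a qop it did not actually select. Consider trimming first (`messageQop == null || messageQop.trim().isEmpty()`) and then rejecting, with an `AuthenticationException`, any value that is not one of the qop tokens this client implements. The method's Javadoc, not visible here, should also state that a challenge without qop is now refused rather than answered in the legacy form without cnonce and nc.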
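--- a/java/org/apache/tomcat/websocket/LocalStrings.properties
+++ b/java/org/apache/tomcat/websocket/LocalStrings.properties
@@ -44,6 +44,7 @@ clientEndpointHolder.instanceCreationFailed=Failed to create WebSocketEndpoint
 clientEndpointHolder.instanceRegistrationFailed=Failed to register Endpoint instance with the InstanceManager
 
 digestAuthenticator.algorithm=Unable to generate request digest [{0}]
+digestAuthenticator.noQop=The server challenge did not include a qop value
 
 futureToSendHandler.timeout=Operation timed out after waiting [{0}] [{1}] to complete
 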